python-inspector/src/python_inspector/dependencies.py at 8330acecb8e8b6c35b091f8ad0058ef2232b82f1 · aboutcode-org/python-inspector · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright (c) nexB Inc. and others. All rights reserved.
# ScanCode is a trademark of nexB Inc.
# SPDX-License-Identifier: Apache-2.0
# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
# See https://github.com/nexB/skeleton for support or download.
# See https://aboutcode.org for more information about nexB OSS projects.
#
from typing import Iterable
from typing import Mapping

from packageurl import PackageURL
from packvers.requirements import Requirement

from _packagedcode import models
from _packagedcode.models import DependentPackage
from _packagedcode.pypi import PipRequirementsFileHandler
from _packagedcode.pypi import get_requirements_txt_dependencies

from python_inspector.logging import logger

"""
Utilities to resolve dependencies.
"""

TRACE = False


def get_dependencies_from_requirements(
    requirements_file="requirements.txt",
) -> Iterable[DependentPackage]:
    """
    Yield DependentPackage for each requirement in a `requirement` file.
    """
    dependent_packages, _ = get_requirements_txt_dependencies(
        location=requirements_file, include_nested=True
    )
    for dependent_package in dependent_packages:
        logger.debug(
            f"dependent_package.extracted_requirement: {dependent_package.extracted_requirement}",
        )
        yield dependent_package


def get_extra_data_from_requirements(requirements_file="requirements.txt") -> Iterable[Mapping]:
    """
    Yield extra_data for each requirement in a `requirement` file.
    """
    for package_data in PipRequirementsFileHandler.parse(location=requirements_file):
        yield package_data.extra_data


def is_requirement_pinned(requirement: Requirement) -> bool:
    specifiers = requirement.specifier
    return specifiers and len(specifiers) == 1 and next(iter(specifiers)).operator in {"==", "==="}


def get_dependency(specifier) -> DependentPackage:
    """
    Return a DependentPackage given a requirement ``specifier`` string.

    For example:
    >>> dep = get_dependency("foo==1.2.3")
    >>> assert dep.purl == "pkg:pypi/foo@1.2.3"
    """
    specifier = specifier and "".join(specifier.lower().split())
    assert specifier, f"specifier is required but empty:{specifier!r}"

    requirement = Requirement(requirement_string=specifier)

    scope = "install"
    is_runtime = True
    is_optional = False

    if requirement.name:
        # will be None if not pinned
        version = None
        if is_requirement_pinned(requirement):
            version = str(list(requirement.specifier)[0].version)
        purl = PackageURL(type="pypi", name=requirement.name, version=version).to_string()

    return models.DependentPackage(
        purl=purl,
        scope=scope,
        is_runtime=is_runtime,
        is_optional=is_optional,
        is_resolved=False or is_requirement_pinned(requirement),
        extracted_requirement=specifier,
    )